Sample Analysis of Kimsuky's Attacks - iso
Latest Research|December 18, 2024
ISO files are optical disc images that can contain a file system, files, directory structures, boot information and other content. Attackers favour them as a delivery container in part because files inside a mounted image historically did not inherit the Mark-of-the-Web of the download, so the usual SmartScreen and Office warnings were not triggered. This sample is packaged as an ISO to induce the victim to double-click an LNK file inside it. The LNK launches a BAT script that disguises the malicious activity by installing legitimate software while, at the same time, downloading a malicious macro document; that document in turn downloads the final malicious payload and executes it. The execution flow is very similar to that of the sample analysed in an earlier article, and the whole flow chart is shown below:
The ISO masquerades as RapportSetup. It contains a malicious LNK file named RapportSetup, a hidden malicious script, template.bat, and RapportSetup.exe, the genuine installer for IBM's Trusteer Rapport security product, which serves as the decoy.
When the LNK file named RapportSetup is clicked, the template.bat malicious …
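The ISO layout described above (a visible shortcut, a hidden script and a decoy installer side by side) can be checked offline without mounting the image. The following Python is an added example, not code from the original article: it carries a minimal ISO 9660 writer so that a sample image can be constructed in memory, a reader that walks the primary volume descriptor and root directory, and a triage routine that flags the decoy pattern. The file names RAPPORTSETUP.LNK, TEMPLATE.BAT and RAPPORTSETUP.EXE and the stub file contents are assumptions based on the article's description; only the ISO 9660 level-1 names are parsed, so a production tool would also read the Joliet supplementary descriptor for long names.

```python
"""Offline triage of an ISO 9660 image for the visible-LNK / hidden-script / decoy-EXE
pattern. Added example, not the original article's code; the test image is constructed
in memory and its file names and contents are assumed, not taken from the real sample."""
import struct

SECTOR = 2048
FLAG_HIDDEN = 0x01  # ISO 9660 "existence" bit: entry hidden from normal listings
FLAG_DIR = 0x02
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1")


def _both(fmt_le, fmt_be, value):
    """ISO 9660 stores integers twice: little-endian followed by big-endian."""
    return struct.pack(fmt_le, value) + struct.pack(fmt_be, value)


def _dir_record(name, extent, size, flags):
    """Build one ISO 9660 directory record (ECMA-119 section 9.1)."""
    ident = name.encode("ascii")
    body = (b"\x00"                       # extended attribute record length
            + _both("<I", ">I", extent)   # extent location (LBA)
            + _both("<I", ">I", size)     # data length in bytes
            + bytes(7)                    # recording date/time (zeroed)
            + bytes([flags])              # file flags
            + b"\x00\x00"                 # file unit size, interleave gap
            + _both("<H", ">H", 1)        # volume sequence number
            + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:
        body += b"\x00"                   # pad byte keeps the record length even
    return bytes([len(body) + 1]) + body


def build_iso(files):
    """files: [(iso_name, content, hidden)] -> raw image bytes (constructed input).
    Root directory at LBA 18; file extents follow it, whole sectors each."""
    root_lba, next_lba, records, data = 18, 19, [], []
    for name, content, hidden in files:
        records.append(_dir_record(name, next_lba, len(content), FLAG_HIDDEN if hidden else 0))
        data.append(content.ljust(-(-len(content) // SECTOR) * SECTOR, b"\x00"))
        next_lba += len(data[-1]) // SECTOR
    root = _dir_record("\x00", root_lba, SECTOR, FLAG_DIR)   # "."
    root += _dir_record("\x01", root_lba, SECTOR, FLAG_DIR)  # ".."
    root_sector = (root + b"".join(records)).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)                                   # primary volume descriptor
    pvd[0:7] = b"\x01CD001\x01"
    pvd[80:88] = _both("<I", ">I", next_lba)                  # volume space size (blocks)
    pvd[120:128] = _both("<H", ">H", 1) + _both("<H", ">H", 1)  # volume set size, seq no
    pvd[128:132] = _both("<H", ">H", SECTOR)                  # logical block size
    pvd[156:190] = _dir_record("\x00", root_lba, SECTOR, FLAG_DIR)
    term = bytearray(SECTOR)                                  # descriptor set terminator
    term[0:7] = b"\xffCD001\x01"
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root_sector + b"".join(data)


def list_root(image):
    """Parse the PVD and walk the root directory; returns [(name, hidden, size)]."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 primary volume descriptor")
    lba = struct.unpack_from("<I", pvd, 156 + 2)[0]     # root record: extent LBA
    size = struct.unpack_from("<I", pvd, 156 + 10)[0]   # root record: data length
    directory = image[lba * SECTOR:lba * SECTOR + size]
    pos, entries = 0, []
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                          # zero length: rest of sector is padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        flags, name = rec[25], rec[33:33 + rec[32]].decode("ascii", "replace")
        if name not in ("\x00", "\x01") and not flags & FLAG_DIR:
            entries.append((name.split(";")[0], bool(flags & FLAG_HIDDEN),
                            struct.unpack_from("<I", rec, 10)[0]))
        pos += rec_len
    return entries


def triage(image):
    """Return findings for the decoy pattern; an empty list means nothing matched."""
    entries = list_root(image)
    lnks = [n for n, h, _ in entries if not h and n.lower().endswith(".lnk")]
    hidden_scripts = [n for n, h, _ in entries if h and n.lower().endswith(SCRIPT_EXTS)]
    exes = {n.rsplit(".", 1)[0] for n, _, _ in entries if n.lower().endswith(".exe")}
    findings = []
    if lnks and hidden_scripts:
        findings.append(f"visible shortcut {lnks} beside hidden script {hidden_scripts}")
    if any(n.rsplit(".", 1)[0] in exes for n in lnks):
        findings.append("shortcut shares its base name with an EXE (decoy installer)")
    return findings


# Constructed sample image; names mirror the article, contents are stubs, not real bytes.
SAMPLE_ISO = build_iso([
    ("RAPPORTSETUP.LNK;1", b"L\x00\x00\x00" + bytes(72), False),
    ("TEMPLATE.BAT;1", b"@echo off\r\nstart RapportSetup.exe\r\n", True),
    ("RAPPORTSETUP.EXE;1", b"MZ" + bytes(62), False),
])

if __name__ == "__main__":
    for name, hidden, size in list_root(SAMPLE_ISO):
        print(f"{'hidden ' if hidden else '       '}{name:20} {size} bytes")
    for finding in triage(SAMPLE_ISO):
        print("FINDING:", finding)
```

To run it against a real image, replace SAMPLE_ISO with the bytes read from the .iso file; the hidden bit is what makes template.bat invisible to a user who opens the mounted image in Explorer, so its presence next to a visible shortcut is the signal worth alerting on.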
IoC
URL: http://trusteer.ink/rapport/ca.php
MD5: 296650b7faefae250ba871f043551b91